II. CLAIM AMENDMENTS 
1-2. (Previously Cancelled)

3. (Currently Amended) A method to authenticate a mobile station in a mobile network comprising:

authenticating the mobile station with user-to-user data exchange; and

exchanging the data during call set-up or during a call— wherein the data is exchanged during a call.

4. (Previously Amended) A method according to claim 3 wherein an encryption key is agreed between two mobile stations.

5. (Previously Amended) A method according to claim 4, wherein the mobile stations execute a mutual authentication and key agreement protocol based on public-key cryptography.

6. (Previously Amended) A method according to claim 5, wherein a second mobile station is authenticated by

a first mobile station constructing and sending to the second mobile station a first message, the second mobile station receiving the first message, constructing and sending a second message to the first mobile station,

the first mobile station receiving the second message, checking the validity of the information in the second message, if the information is verified valid the first mobile station accepting to share a shared encryption key K with the second mobile station, the first mobile station constructing and sending a third message to the second mobile station,

the second mobile station receiving the third message and verifying the validity of the information, if the information is valid the second mobile station accepting the sharing of the shared encryption key K with the first mobile station.

7. (Previously Amended) A method to authenticate a mobile station in a mobile network comprising:

authenticating the mobile station with user-to-user data exchange;

an encryption key is agreed between two mobile stations;

the two mobile stations execute a mutual authentication and key agreement protocol based on public key cryptography;

the second mobile station is authenticated by:

a first mobile station constructing and sending to the second mobile station a first message, the second mobile station receiving the first message, constructing and sending a second message to the first mobile station,

the first mobile station receiving the second message, checking the validity of the information in the second message, if the information is verified valid the first mobile station accepting to share a shared encryption key K with the second mobile station, the first mobile station constructing and sending a third message to the second mobile station,

the second mobile station receiving the third message and verifying the validity of the information, if the information is valid the second mobile station accepting the sharing of the shared encryption key K with the first mobile station,

the second mobile station is authenticated by the first mobile station selecting a prime number p, a generator a of a multiplicative group of integers modulo p when p > a > 2 and a random secret x when p-2 > x > 1, constructing and sending to the second mobile station the first message containing

a, p, a^x mod p,

the second mobile station receiving the first message and afterwards generating a secret y when p-2 > y > 1 and computing a second shared key K_2 = (a^x)^y mod p, signing a concatenation of exponentials {a^y, a^x} and encrypting a result S_B{a^y, a^x} with the second shared key leading to E_K(S_B{a^y, a^x}), constructing and sending the second message to the first mobile station containing

a^y mod p, cert_B, E_K(S_B{a^y, a^x}),

certificate cert_B in the second message containing a signature verification key of the second mobile station, the exact contents of the certificate being of at least the following minimum

cert_B = (B, p_B, a, p, S_T{B, p_B, a, p}),

p_B being a public signature verification key of the mobile station B and S_T a signature transformation of a trusted authority T whose public signature verification key is known in the first and second mobile stations,

the first mobile station receiving the second message and afterwards computing a first shared encryption key (a^y)^x mod p = (a^x)^y mod p = K_1, the first mobile station checking the validity of the certificate cert_B, when the certificate cert_B is valid the encrypted part E_K(S_B{a^y, a^x}) of the second message is decrypted to receive a signature S_B{a^y, a^x} and the signature S_B{a^y, a^x} is verified with a public signature verification key p_B of the second mobile station, if the signature S_B{a^y, a^x} is verified valid the first mobile station accepts to share the shared encryption key K_1 with the second mobile station,

the first mobile station signing a concatenation of exponentials {a^x, a^y} and encrypting the result S_A{a^x, a^y} with the first shared key K_1 leading to E_K(S_A{a^x, a^y}), the first mobile station constructing and sending the third message to the second mobile station containing

cert_A, E_K(S_A{a^x, a^y}),

cert_A including corresponding information with cert_B of the first mobile station, exact contents of the certificate cert_A being at least of the following minimum

cert_A = (B, p_A, a, p, S_T{B, p_A, a, p}),

p_A being a public signature verification key of the first subscriber and S_T a signature transformation of a trusted authority T whose public signature verification key is known by the first and second mobile stations,

the second mobile station receiving the third message and verifying validity of the cert_A, decrypting E_K(S_A{a^x, a^y}) and verifying validity of the signature S_A{a^x, a^y}, if all the signatures are valid the second mobile station accepting sharing of the second shared encryption key K_2 with the mobile station.
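
Claims 6 and 7 describe a three-message, station-to-station style authenticated key agreement. The program below is an illustration added here; it is not the patent's text nor any applicant's implementation. It runs both stations' messages end to end on the claim's layout (first message a, p, a^x mod p; second message a^y mod p, cert_B, E_K(S_B{a^y, a^x}); third message cert_A, E_K(S_A{a^x, a^y}); certificates of the form (name, p_X, a, p, S_T{...})). The claim does not fix the signature or encryption schemes, so this example assumes a Schnorr-type signature over the same group (a, p) for S_A, S_B and S_T, an HMAC-derived XOR mask standing in for E_K, the station names "A"/"B" and authority "T", and a `tamper` switch; all of these, and the toy parameter sizes, are this example's own choices.

```python
"""Added illustration of the claim-6/claim-7 exchange (station-to-station style
authenticated Diffie-Hellman); not the patent's text.  Assumed: a Schnorr-type
signature over the same group (a, p) stands in for S_A, S_B and S_T, an
HMAC-derived XOR mask stands in for E_K, and toy parameter sizes."""
import hashlib
import secrets

def is_probable_prime(n, rounds=24):
    """Miller-Rabin probable-prime test."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits=128):
    """Safe prime p = 2q + 1 and a generator a of the whole group Z_p^*."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            break
    p = 2 * q + 1
    while True:  # the order of a divides 2q; reject orders 1, 2 and q
        a = secrets.randbelow(p - 3) + 2
        if pow(a, 2, p) != 1 and pow(a, q, p) != 1:
            return p, a

def h(*parts):
    """Length-prefixed SHA-256 over the parts, returned as an integer."""
    data = b"".join(len(b).to_bytes(4, "big") + b for b in
                    (x if isinstance(x, bytes) else str(x).encode() for x in parts))
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen(p, a):
    """Signing key s and public verification key a^s mod p."""
    s = secrets.randbelow(p - 2) + 1
    return s, pow(a, s, p)

def sign(p, a, s, *msg):
    """Schnorr-type signature S{msg} = (r, z) with a^z == r * v^e (mod p)."""
    k = secrets.randbelow(p - 2) + 1
    r = pow(a, k, p)
    e = h(r, *msg) % (p - 1)
    return r, (k + s * e) % (p - 1)

def verify(p, a, v, sig, *msg):
    r, z = sig
    e = h(r, *msg) % (p - 1)
    return pow(a, z, p) == (r * pow(v, e, p)) % p

def e_k(K, pair):
    """Toy E_K: XOR each signature component with a mask derived from K.
    Applying it twice decrypts.  Illustrative only, not a real cipher."""
    return tuple(v ^ h(b"E_K", K, i) for i, v in enumerate(pair))

def issue_cert(p, a, s_T, name, pub):
    """cert = (name, pub, a, p, S_T{name, pub, a, p}), following the claim."""
    return (name, pub, a, p, sign(p, a, s_T, name, pub, a, p))

def cert_ok(cert, v_T):
    name, pub, a, p, sig = cert
    return verify(p, a, v_T, sig, name, pub, a, p)

def run_protocol(p, a, v_T, s_A, cert_A, s_B, cert_B, tamper=False):
    """Returns (A accepted, B accepted, K_1 == K_2).  tamper=True replaces a^y
    in the second message in transit to show the first station rejects it."""
    # Message 1, A -> B: a, p, a^x mod p with p-2 > x > 1
    x = secrets.randbelow(p - 4) + 2
    ax = pow(a, x, p)
    # B: secret y, K_2 = (a^x)^y; message 2 = a^y, cert_B, E_K(S_B{a^y, a^x})
    y = secrets.randbelow(p - 4) + 2
    ay, K2 = pow(a, y, p), pow(ax, y, p)
    msg2 = (ay, cert_B, e_k(K2, sign(p, a, s_B, ay, ax)))
    if tamper:
        msg2 = (pow(a, 7, p), cert_B, msg2[2])
    # A: K_1 = (a^y)^x, check cert_B, decrypt, verify S_B with p_B from the cert
    ay_rx, cB, ct2 = msg2
    K1 = pow(ay_rx, x, p)
    a_ok = cert_ok(cB, v_T) and verify(p, a, cB[1], e_k(K1, ct2), ay_rx, ax)
    if not a_ok:
        return False, False, False
    # Message 3, A -> B: cert_A, E_K(S_A{a^x, a^y}); B checks it under K_2
    cA, ct3 = cert_A, e_k(K1, sign(p, a, s_A, ax, ay_rx))
    b_ok = cert_ok(cA, v_T) and verify(p, a, cA[1], e_k(K2, ct3), ax, ay)
    return a_ok, b_ok, K1 == K2

def demo(bits=128):
    p, a = make_group(bits)
    s_T, v_T = keygen(p, a)          # trusted authority T, key known to both
    s_A, p_A = keygen(p, a)
    s_B, p_B = keygen(p, a)
    cert_A = issue_cert(p, a, s_T, "A", p_A)
    cert_B = issue_cert(p, a, s_T, "B", p_B)
    honest = run_protocol(p, a, v_T, s_A, cert_A, s_B, cert_B)
    attacked = run_protocol(p, a, v_T, s_A, cert_A, s_B, cert_B, tamper=True)
    return honest, attacked
```

`demo()` returns `((True, True, True), (False, False, False))`: in the honest run both stations accept and K_1 equals K_2; when a^y is altered in transit, the first station's verification of S_B{a^y, a^x} fails and the third message is never sent. Signing the two exponentials and binding the verification key to a certificate from T is what separates this exchange from unauthenticated Diffie-Hellman, which would complete silently against an intermediary.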

8. (Currently Amended) A method according to claim 3 wherein the data is exchanged through user-to-user signalling.

9. (Previously Amended) A cellular communications system, where the first and second mobile stations are wirelessly connected via base stations, wherein the system comprises

a) a first mobile station, authenticated with user-to-user data exchange during call set up or during a call, that constructs and sends a first message, receives and verifies the validity of a second message and when the information is verified valid accepts to share a shared encryption key K, constructs and sends a third message,

b) a second mobile station, that receives the first message and constructs and sends the second message, receives and verifies the validity of the third message and when the information is valid accepts to share the shared encryption key K with the first mobile station, and

c) at least one mobile switching centre.

10. (Previously Amended) A communications system according to claim 9, wherein the system comprises two mobile switching centres connected together with ISDN.

11. (Previously Amended) A mobile station, wherein the mobile station comprises:

a) a processor to perform operations needed to form and verify messages, to implement authentication of the mobile station with user-to-user data exchange during call set up or during a call, and key agreement procedures,

b) a memory, where procedures and messages are stored with necessary parameters and variables,

c) output means, on which commencement of extra secure communication is presented to a user of the mobile station,

d) input means to enable validation of the extra secure communication,

e) a transmitter/receiver and an antenna to transform information to radio waves from digital signals and vice versa.

12. (Previously Amended) A mobile station according to claim 11, wherein the output means comprises a display.

13. (Previously Amended) A mobile station according to claim 11, wherein the input means comprises a keyboard.

14. (Previously Amended) A mobile station according to claim 11, wherein the mobile station is designed to GSM standards.

15. (Previously Amended) A mobile station according to claim 11, wherein the mobile station is designed to UMTS standards.